Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 84fd701f2766bbc17790b38fabb06231
 
  • Major Detection Name : TR/Ransom.HDMR.A (Avira), Ransom.BinADS (Malwarebytes)
 
  • Encrypted File Pattern : .hdmr
 
  • Malicious File Creation Location : C:\Users\Public\Documents\1.bat
 
  • Payment Instruction File : ReadMeAndContact.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Block processes execution (backup*, encsvc*, excel*, sql*, xchange*, zoolz* etc.)
     - Stop multi services (acronis*, exchange*, msdts*, pdvf*, pop3*, xchange* etc.)
     - Disable system restore (vssadmin Delete Shadows /all /quiet, vssadmin resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=401MB, vssadmin resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=unbounded)
     - Delete backup files (*.bac, *.bak, *.bkf, *.dsk, *.set, *.VHD, *.wbcat, *.win, Backup*.*, backup*.*)

List

위로